Re: security idea - bootable CD to check your system

I'm wondering why you are looking only at debian packages. Should the integrity check not be designed to tell you about all software on your system?

Then:

• Other Linux distributions would also benefit.
• You get more feedback / input / contributions.
• Your system is checked more thoroughly.

I have the impression there are projects already, that would do to the job with some tweaking (tripwire, ..)

Plus, you might as well bundle the check with a backup-system, since you are already looking at your system at rest, and no services are running to worry about.

Stephan

On 6/24/07, andy baxter <andy@earthsong.free-online.co.uk> wrote:
> Jim Popovitch wrote:
> > On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
> >
> >> The difference is that:
> >>
> >> a) These all run on the live system they are trying to protect,
> >>
> >
> > Unless you configure them to only write to an offline mount point that
> > is normally ro and only rw through external effort.... which is in
> > Tripwire's best practices.
> >
> > -Jim P.
> >
> OK, this would work. The problem for me is that it would involve turning
> the media r/w and updating the database every time I run apt-get to
> install security updates, which I do once a week. If I was running a
> large server farm and I was looking after it full time, this would be
> OK, but my situation is that I have two machines, both for personal use,
> and I don't want to have to devote my entire life to looking after the
> security on them. The machines are a laptop for general use, and a
> server which I use for testing and demonstrating small web-based
> projects I do for people on a voluntary basis. They are connected to the
> internet by ADSL, with only the server set to accept incoming connections.
>
> The other night, I had my laptop switched on and a sound file I had
> never heard before played through the speaker (it said 'hello' in
> someone else's voice). I'm assuming I've been cracked and it was
> someone's idea of a joke. I've halted the server in case that was their
> way in, and I'm planning to reinstall both my machines this week, but
> also looking for a more long term solution which I could put some time
> into now and save myself and anyone else who wants to use it a lot of
> trouble in the future.
>
> What I'm looking for is a solution where I can do security updates every
> week, as my first line of defence, but then have a fallback way of
> detecting intrusions which I could run maybe every month, which doesn't
> need too much work to keep on top of it once it's been set up. I can
> probably find ways of improving my security using existing tools, but it
> occurred to me that the system I described would be a pretty watertight
> check on whether a system has been cracked, which is what I'm looking for.
>
> andy baxter.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

-- 
Stephan Wehner

-> 
http://stephan.sugarmotor.org
-> 
http://www.thrackle.org
-> 
http://www.buckmaster.ca
-> 
http://www.trafficlife.com
-> 
http://stephansmap.org


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org